<?php
require_once 'db_conn.php';
header("content-type:text/html;charset=utf-8");

$username = $_POST["username"];
$password = $_POST["password"];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$password = md5("password");
//$password = md5($_POST["password"]);
//' or '1=1
$sql = "
SELECT * FROM `user` WHERE
username='$username'

and
password='$password'
limit 1;
";
//echo $sql;
//die;
$result = $conn->query($sql);
if($result->num_rows>0){
    $row = $result->fetch_array(MYSQLI_ASSOC);
    $_SESSION['uid']=$row['uid'];
    $_SESSION['uname']=$row['username'];
    header("Location:index.php");
}else{
    echo "用户名或者密码错误！";
 
    header("Location:login.html");
}
